Vulnerability Management

 

 

 

 

 

 

Sophisticated Systems to Address Security Vulnerabilities

Strong vulnerability management isn’t just a requirement in today’s complex security landscape. It’s the sign of mature incident response, indicating a company doesn’t just react to reported issues, it responds in measured ways, following industry-approved practices. 

We employ a wide range of vulnerability management and response tactics and work across the industry on mitigation development, validation, and disclosure of security vulnerabilities. You can trust we’re always looking for vulnerabilities. When we find them or they’re reported to us, we act with integrity and transparency.

Intel Product Security & Incident Response Team (PSIRT)

Intel’s PSIRT helped define and role models industry-approved methods for how we support product engineering in the identification, management, and disclosure of security vulnerabilities that may affect shipped and supported products. PSIRT is the central point for managing Intel’s response to product security vulnerabilities, including:

  • Setting policy, process, and tooling to ensure consistent handling, disposition and disclosure of product security vulnerabilities.
  • Advising Intel businesses and engineering groups on product security vulnerability handling.
  • Maintaining relationships with partner, customer and government agency PSIRTs and vulnerability handling organizations.
  • Creating and actively participating in industry groups and standards, to help influence creation of best practices and standards. 

Intel’s PSIRT holds deep industry expertise, with team members averaging 18 years of experience.

Intel PSIRT Mission

Vulnerability Handling Processes

  

  

  

Intel Bug Bounty Program

Our PSIRT manages the Intel Bug Bounty Program. This program provides recognition to encourage external researchers to report security vulnerabilities on Intel products and collaborate on disclosure. Through the Bug Bounty program, Intel has worked with more than 250 external researchers since inception.

  

  

Media/PR Inquiries

Have a question or would like to know more about our vulnerability management practices?

  

  

  

  

  

  

Industry Engagement

The Intel PSIRT is a strong supporter and member of industry groups. These engagements enable us to drive change for information and product security communities and accelerate security practices across industries.

   

  

Product Security Center

Intel is focused on helping ensure the security of our customers’ computing environments by promptly addressing issues as they arise and providing recommendations through security advisories and security notices—these include mitigations or workarounds for vulnerabilities identified with Intel products.

The Intel Product Security Center is regularly updated with the latest security information on Intel products.

  

  

  

  

  

  

Software Security Guidance

Are you a software developer or system admin looking for resources to help you assess risk and build more secure solutions? We’ve designed a site for you. The Intel Developer Zone includes guidance on designing solutions with security in mind, including best practices for cryptography, software-based mitigations and affected processors by vulnerability for side channels.